#25, 01-21-2009, 02:50 PM
Bono
Quote:
Originally Posted by mistwang View Post
The best way to deal with a botnet is to combine LiteSpeed with a firewall like iptables. When you set the connection soft/hard limits properly, LiteSpeed will log the IPs that reach those limits; those IPs are mostly members of the botnet or people trying to abuse your server. LiteSpeed does block them automatically; however, blocking them at the firewall is better.

A script called "fail2ban" is a nice tool which can automate this for you. It can parse the LiteSpeed log file, extract offending IPs, and block them automatically. CSF has a similar feature; what you need to do is configure a regular expression to match the log entry.

Do you have any tip on how I can do that with CSF? Usually I caught attackers with this tool http://nix101.com/category/antiddos/ but this time they are not using SYN FLOOD.


Quote:
top - 00:43:48 up 88 days, 16:34, 1 user, load average: 1.16, 1.23, 2.05
Tasks: 131 total, 6 running, 125 sleeping, 0 stopped, 0 zombie
Cpu(s): 10.6% us, 10.6% sy, 30.7% ni, 48.2% id, 0.0% wa, 0.0% hi, 0.0% si
Mem: 4151296k total, 4060148k used, 91148k free, 226148k buffers
Swap: 2040212k total, 144k used, 2040068k free, 3035552k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
15666 mysql 10 -5 525m 369m 3768 S 35.8 9.1 12504:02 mysqld
32390 nobody 17 1 276m 12m 9752 R 32.8 0.3 0:08.90 lsphp5
32393 nobody 17 1 276m 13m 11m R 15.9 0.3 0:05.60 lsphp5
32394 nobody 17 1 276m 12m 9.9m R 14.9 0.3 0:08.25 lsphp5

Load looks better after applying those settings, I just don't know if it was because of the settings or because the DDoSer stopped the attack. I guess I will find out soon enough.

Last edited by Bono; 01-21-2009 at 03:44 PM.
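
The log-parsing step described in the quoted advice, as an added example that is not part of the original post and is not fail2ban's or CSF's own code. The log line layout, the `min_hits` threshold and the function names are assumptions; adjust the regular expression to the entries your server actually writes.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines; the layout is an assumption, not a real LiteSpeed log.
SAMPLE_LOG = """\
2009-01-21 00:41:02.113 [NOTICE] [203.0.113.7] Reached per client connection hard limit: 20, close connection!
2009-01-21 00:41:02.514 [NOTICE] [203.0.113.7] Reached per client connection hard limit: 20, close connection!
2009-01-21 00:41:03.020 [NOTICE] [203.0.113.7] Reached per client connection soft limit: 10
2009-01-21 00:41:04.200 [NOTICE] [198.51.100.9] Reached per client connection soft limit: 10
2009-01-21 00:41:05.000 [INFO] [192.0.2.44] GET /?q=[NOTICE] [192.0.2.50] Reached per client connection hard limit
2009-01-21 00:41:06.310 [NOTICE] [127.0.0.1] Reached per client connection hard limit: 20, close connection!
"""

# Anchored at the start of the line so request data echoed later in an entry
# (the [INFO] line above) cannot plant an address of the client's choosing.
LIMIT_RE = re.compile(
    r"^\S+ \S+ \[NOTICE\] \[(?P<ip>[0-9a-fA-F:.]+)\] "
    r"Reached per client connection (?:soft|hard) limit"
)

def offenders(log_text, min_hits=3, allow=("127.0.0.1",)):
    """Return sorted IPs that hit a connection limit at least min_hits times."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LIMIT_RE.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # not a valid address: never pass it to the firewall
        if ip not in allow:
            hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n >= min_hits)

def block_commands(ips):
    """Build (not run) one firewall drop rule per validated address."""
    cmds = []
    for ip in ips:
        tool = "ip6tables" if ipaddress.ip_address(ip).version == 6 else "iptables"
        cmds.append(f"{tool} -I INPUT -s {ip} -j DROP")
    return cmds

if __name__ == "__main__":
    print("\n".join(block_commands(offenders(SAMPLE_LOG))))
```

The allow list keeps your own monitoring or proxy addresses from being blocked when they trip the same limits.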